Skill556 repo starsupdated 11d ago
bkend-auth
The bkend-auth skill provides authentication and security documentation for the bkit backend platform, covering email/password, OAuth social login, and magic link methods. Use this skill when implementing user authentication, managing JWT tokens with access and refresh lifecycles, enforcing password policies, or setting up role-based access control and row-level security for API endpoints.
Install in Claude Code
Copygit clone --depth 1 https://github.com/popup-studio-ai/bkit-claude-code /tmp/bkend-auth && cp -r /tmp/bkend-auth/skills/bkend-auth ~/.claude/skills/bkend-authThen start a new Claude Code session; the skill loads automatically.
Definition
SKILL.md
# bkend.ai Authentication & Security Guide ## Auth Methods | Method | Description | |--------|-------------| | Email + Password | Email/password signup and login | | Social (Google) | OAuth 2.0 social login | | Social (GitHub) | OAuth 2.0 social login | | Magic Link | Email link login (no password) | ## JWT Token Structure - **Access Token**: 1 hour validity - **Refresh Token**: 7 days validity - Auto-refresh: `POST /v1/auth/refresh` ## Password Policy 8+ characters, uppercase + lowercase + numbers + special characters ## MCP Auth Workflow bkend MCP does NOT have dedicated auth tools. Use this workflow: 1. **Search docs**: `search_docs` with query "email signup" or "social login" 2. **Get examples**: `search_docs` with query "auth code examples" 3. **Generate code**: AI generates REST API code based on search results ### Searchable Auth Docs | Doc ID | Content | |--------|---------| | `3_howto_implement_auth` | Signup, login, token management guide | | `6_code_examples_auth` | Email, social, magic link code examples | ### Key Pattern ``` User: "Add social login" → search_docs(query: "social login implementation") → Returns auth guide with REST API patterns → AI generates social login code ``` ## REST Auth API (Core Endpoints) For the complete endpoint list, use `search_docs` or check Live Reference. | Method | Endpoint | Description | |--------|----------|-------------| | POST | /v1/auth/email/signup | Sign up | | POST | /v1/auth/email/signin | Sign in | | GET | /v1/auth/me | Current user | | POST | /v1/auth/refresh | Refresh token | | POST | /v1/auth/signout | Sign out | | GET/POST | /v1/auth/:provider/callback | Social login callback | | POST | /v1/auth/password/reset/request | Password reset | | POST | /v1/auth/password/reset/confirm | Confirm reset | | POST | /v1/auth/password/change | Change password | | GET | /v1/auth/sessions | List sessions | | DELETE | /v1/auth/sessions/:sessionId | Remove session | | DELETE | /v1/auth/withdraw | Delete account | **Additional endpoints** (MFA, invitations, user management): use `search_docs` or Live Reference. ## RBAC (Role-Based Access Control) | Group | Description | Scope | |-------|-------------|-------| | admin | Full CRUD | All data | | user | Authenticated user | Full read, own write | | self | Owner only | createdBy-based | | guest | Unauthenticated | Read only (usually) | ## RLS (Row Level Security) - Per-table row-level access control - 4-level policies: admin/user/self/guest - Auto-filtering based on createdBy field ## Session Management - Per-device session tracking - `GET /v1/auth/sessions` - List sessions - `DELETE /v1/auth/sessions/:sessionId` - Remove session ## Official Documentation (Live Reference) For the latest authentication documentation, use WebFetch: - Auth Overview: https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/authentication/01-overview.md - MCP Auth Guide: https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/mcp/06-auth-tools.md - Security: https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/security/01-overview.md - Full TOC: https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/SUMMARY.md